Ransomware payments dropped 35% in 2024
Chainalysis says a combination of law enforcement actions and better defenses led to less money going out to ransomware actors.
Law enforcement hammered cybercrime in 2024. Is it…
In 2024, authorities took aim at ransomware gangs, malware developers, cybercriminal infrastructure and cryptocurrency thieves. Here's a look at the…
PoC Exploit Released for macOS Kernel Vulnerability CVE-2025-24118 (CVSS 9.8)
Uncover the details of CVE-2025-24118, a critical vulnerability in Apple's MacOS. Understand the risks and the patched versions.
Ransomware roundup: 2024 end-of-year report - Comparitech
In 2024, ransomware groups claimed responsibility for 5,461 successful ransomware attacks on organizations worldwide. 1,204 of these attacks were confirmed by the targeted organizations. The rest were claimed by ransomware groups on their data leak sites, but have not been acknowledged by the targets.
Ministers consider ban on all UK public bodies making ransomware payments | Cybercrime | The Guardian
Prohibition would bring the NHS, schools and local councils into line with government departments
Microsoft: macOS bug lets hackers install malicious kernel drivers
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. #Apple #Computer #InfoSec #Integrity #Microsoft #Protection #SIP #Security #System #Vulnerability #macOS
Recruitment Phishing Scam Imitates Hiring Process
A phishing campaign is using CrowdStrike recruitment branding to deliver malware disguised as a fake application. Learn more.
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
We agree - modern security engineering is hard - but none of this is modern. We are discussing vulnerability classes - with no sophisticated trigger mechanisms that fuzzing couldnt find - discovered in the 1990s, that can be trivially discovered via basic fuzzing, SAST (the things product security teams do with real code access). As an industry, should we really be communicating that these vulnerability classes are simply too complex for a multi-billion dollar technology company that builds enterprise-grade, enterprise-priced network security solutions to proactively resolve?
FunkSec – Alleged Top Ransomware Group Powered by AI
- The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month. FunkSec operators appear to use AI-assisted malware development which can enable even inexperienced actors to quickly produce and refine advanced tools. The group’s activities straddle the line between hacktivism and cybercrime, complicating efforts to understand their true motivations. Many of the group’s leaked datasets are recycled from previous hacktivism campaigns, raising doubts about the authenticity of their disclosures. Current methods of assessing ransomware group threats often rely on the actors’ own claims, highlighting the need for more objective evaluation techniques.
SonicWall urges admins to patch exploitable SSLVPN bug immediately
SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is
Russian ISP confirms Ukrainian hackers "destroyed" its network
Russian internet service provider Nodex confirmed on Tuesday that its network was
Researcher Turns Insecure License Plate Cameras Into Open Source Surveillance Tool
Privacy advocate draws attention to the fact that hundreds of police surveillance cameras are streaming directly to the open internet.
Il perd 450 francs à cause d'une faille de sécurité des CFF
Découverte d'une faille de sécurité chez CFF et chez CembraPay «Des escrocs ont acheté à mon nom des billets de train pour 450 francs» Lorsque Reto Pfammatter trouve un rappel de paiement dans sa boîte aux lettres, il se pose des questions. Pourquoi doit-il payer plus de 450 francs pour des billets CFF… qu'il n'a jamais achetés! Le Suisse s'est fait usurper son identité avec une arnaque simple.
Thousands of credit cards stolen in Green Bay Packers store breach
American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach.
Many-shot jailbreaking \ Anthropic
Anthropic is an AI safety and research company that's working to build reliable, interpretable, and steerable AI systems.
Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability
The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails. The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails.
Telegram Hands U.S. Authorities Data on Thousands of Users
The number of data requests fulfilled by Telegram skyrocketed, with the company providing data to U.S. authorities on 2,253 users last year.
LDAPNightmare: SafeBreach Publishes First PoC Exploit (CVE-2024-49113)
See how SafeBreach researchers developed a zero-click PoC exploit for LDAPNightmare (CVE-2024-49113) that crashes unpatched Windows Servers.
What We Know About CVE-2024-49112 and CVE-2024-49113
In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) flaw with a 9.8 CVSS score, and CVE-2024-49113, a denial-of-service (DoS) flaw with a 7.5 CVSS score.
White House: Salt Typhoon hacks possible because telecoms lacked basic security measures
The White House said Friday the Salt Typhoon breach occurred in large part due to failures at telecom companies to protect their systems.
NATO’s Emergency Plan for an Orbital Backup Internet
An undersea cable breach would reroute to satellites
DoubleClickjacking: A New Era of UI Redressing
“Clickjacking” attacks have been around for over a decade, enabling malicious websites to trick users into clicking hidden or disguised buttons they never intended to click . This technique is becoming less practical as modern browsers set all cookies to “SameSite: Lax” by default. Even if an attacker site can frame another website, the framed site would be unauthenticated, because cross-site cookies are not sent. This significantly reduces the risk of successful clickjacking attacks, as most interesting functionality on websites typically requires authentication.
Introducing the MISP Threat Actor Naming Standard
How to name threat actor and adversaries in threat intelligence
Cyber attack on Italy's Foreign Ministry, airports claimed by pro-Russian hacker group
Hackers targeted around ten official websites in Italy on Saturday, including the websites of the Foreign Ministry and Milan's two airports, putting them out of action temporarily, the country's cyber security agency said. The pro-Russian hacker group Noname057(16) claimed the cyber attack on Telegram, saying Italy's "Russophobes get a well deserved cyber response".
New details reveal how hackers hijacked 35 Google Chrome extensions
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven.
U.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by…
Finland identifies seven suspects among crew of alleged Russian 'spy' tanker
Seven crew members of the seized ship Eagle S are being treated as suspects as Finland investigates undersea cable sabotage and alleged Russian spying.
Ces hackers israéliens qui s’installent à Barcelone
Barcelone se mue en “capitale européenne de la cyberguerre”. Depuis un an et demi, “au moins trois équipes renommées d’experts en piratage informatique”, venus d’Israël, se sont installées dans la capitale de la Catalogne, détaille El Periódico de Catalunya. Le journal espagnol s’appuie sur les informations du quotidien de Tel-Aviv Ha’Aretz, qui a publié le 26 décembre un article sur les hackers “délocalisés” d’Israël vers des pays de l’Union européenne, dont l’Espagne.
Infocert, in vendita nel deep web milioni di dati di utenti italiani
InfoCert, uno dei principali fornitori di identità digitale, ha confermato la violazione annunciata sui forum da criminali informatici. I dati rubati potrebbero essere usati per attacchi phishing mirati
Palo Alto Firewalls Backdoored by Suspected Chinese Hackers
A suspected Chinese hacking campaign that began in November is exploiting a vulnerability in Palo Alto firewalls to install a custom malware backdoor for espionage.